forked from rpms/openssh
C99 compatiblity fixes
Apply upstream patches from the portable OpenSSH project to fix C99 compatibility issues in the configure script. For the PAM agent integration, apply a custom downstream fix, as the proposed upstream changes have not been merged yet. Related to: <https://fedoraproject.org/wiki/Changes/PortingToModernC> <https://fedoraproject.org/wiki/Toolchain/PortingToModernC>
This commit is contained in:
parent
e3597c03f1
commit
d5591fb5ab
26
openssh-configure-c99-1.patch
Normal file
26
openssh-configure-c99-1.patch
Normal file
@ -0,0 +1,26 @@
|
||||
commit 40b0a5eb6e3edfa2886b60c09c7803353b0cc7f5
|
||||
Author: Sam James <sam@gentoo.org>
|
||||
Date: Sun Nov 6 04:47:35 2022 +0000
|
||||
|
||||
configure.ac: Add <pty.h> include for openpty
|
||||
|
||||
Another Clang 16ish fix (which makes -Wimplicit-function-declaration
|
||||
an error by default). github PR#355.
|
||||
|
||||
See: 2efd71da49b9cfeab7987058cf5919e473ff466b
|
||||
See: be197635329feb839865fdc738e34e24afd1fca8
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 1e77ecfc..1866aea5 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -2373,6 +2373,9 @@ if test ! -z "$check_for_openpty_ctty_bug"; then
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
+#ifdef HAVE_PTY_H
|
||||
+# include <pty.h>
|
||||
+#endif
|
||||
#include <sys/fcntl.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
47
openssh-configure-c99-2.patch
Normal file
47
openssh-configure-c99-2.patch
Normal file
@ -0,0 +1,47 @@
|
||||
commit 32fddb982fd61b11a2f218a115975a87ab126d43
|
||||
Author: Darren Tucker <dtucker@dtucker.net>
|
||||
Date: Mon Nov 7 10:39:01 2022 +1100
|
||||
|
||||
Fix setres*id checks to work with clang-16.
|
||||
|
||||
glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
|
||||
and clang 16 will error out on implicit function definitions, so add
|
||||
_GNU_SOURCE and the required headers to the configure checks. From
|
||||
sam at @gentoo.org via bz#3497.
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 4bf758ac..e172540a 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -863,7 +863,8 @@ int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
||||
check_for_openpty_ctty_bug=1
|
||||
dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
|
||||
dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
|
||||
- CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
|
||||
+ dnl _GNU_SOURCE is needed for setres*id prototypes.
|
||||
+ CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
|
||||
AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels])
|
||||
AC_DEFINE([PAM_TTY_KLUDGE], [1],
|
||||
[Work around problematic Linux PAM modules handling of PAM_TTY])
|
||||
@@ -2168,8 +2169,9 @@ AC_CHECK_FUNCS([setresuid], [
|
||||
AC_MSG_CHECKING([if setresuid seems to work])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
-#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <unistd.h>
|
||||
]], [[
|
||||
errno=0;
|
||||
setresuid(0,0,0);
|
||||
@@ -2191,8 +2193,9 @@ AC_CHECK_FUNCS([setresgid], [
|
||||
AC_MSG_CHECKING([if setresgid seems to work])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
-#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <unistd.h>
|
||||
]], [[
|
||||
errno=0;
|
||||
setresgid(0,0,0);
|
41
openssh-configure-c99-3.patch
Normal file
41
openssh-configure-c99-3.patch
Normal file
@ -0,0 +1,41 @@
|
||||
commit 5eb796a369c64f18d55a6ae9b1fa9b35eea237fb
|
||||
Author: Harmen Stoppels <harmenstoppels@gmail.com>
|
||||
Date: Thu Oct 13 16:08:46 2022 +0200
|
||||
|
||||
Fix snprintf configure test for clang 15
|
||||
|
||||
Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
|
||||
A handful of tests have "main(..." and not "int main(..." which caused
|
||||
the tests to produce incorrect results.
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index de60a1b1..165c49de 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -713,7 +713,7 @@ case "$host" in
|
||||
AC_RUN_IFELSE([AC_LANG_SOURCE([[
|
||||
#include <mach-o/dyld.h>
|
||||
#include <stdlib.h>
|
||||
-main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
||||
+int main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
||||
exit(0);
|
||||
else
|
||||
exit(1);
|
||||
@@ -4259,7 +4259,7 @@ dnl test snprintf (broken on SCO w/gcc)
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#ifdef HAVE_SNPRINTF
|
||||
-main()
|
||||
+int main()
|
||||
{
|
||||
char buf[50];
|
||||
char expected_out[50];
|
||||
@@ -4276,7 +4276,7 @@ main()
|
||||
exit(0);
|
||||
}
|
||||
#else
|
||||
-main() { exit(0); }
|
||||
+int main() { exit(0); }
|
||||
#endif
|
||||
]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
|
||||
AC_MSG_WARN([cross compiling: Assuming working snprintf()])
|
17
openssh.spec
17
openssh.spec
@ -54,7 +54,7 @@
|
||||
Summary: An open source implementation of SSH protocol version 2
|
||||
Name: openssh
|
||||
Version: %{openssh_ver}
|
||||
Release: %{openssh_rel}%{?dist}.1
|
||||
Release: %{openssh_rel}%{?dist}.2
|
||||
URL: http://www.openssh.com/portable.html
|
||||
#URL1: https://github.com/jbeverly/pam_ssh_agent_auth/
|
||||
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||
@ -106,6 +106,7 @@ Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
|
||||
Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2070113
|
||||
Patch308: pam_ssh_agent_auth-0.10.4-rsasha2.patch
|
||||
Patch309: pam_ssh_agent-configure-c99.patch
|
||||
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
|
||||
Patch400: openssh-7.8p1-role-mls.patch
|
||||
@ -236,6 +237,10 @@ Patch1004: openssh-8.7p1-gssapi-auth.patch
|
||||
# https://github.com/openssh/openssh-portable/pull/323
|
||||
Patch1006: openssh-8.7p1-negotiate-supported-algs.patch
|
||||
|
||||
Patch1007: openssh-configure-c99-1.patch
|
||||
Patch1008: openssh-configure-c99-2.patch
|
||||
Patch1009: openssh-configure-c99-3.patch
|
||||
|
||||
# downstream only
|
||||
# we skip some ssh-rsa/ssh-dss tests to make native test suite pass
|
||||
#Patch1100: openssh-8.8p1-skip-some-tests.patch
|
||||
@ -314,7 +319,7 @@ Requires: openssh = %{version}-%{release}
|
||||
%package -n pam_ssh_agent_auth
|
||||
Summary: PAM module for authentication with ssh-agent
|
||||
Version: %{pam_ssh_agent_ver}
|
||||
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.1
|
||||
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.2
|
||||
License: BSD
|
||||
|
||||
%description
|
||||
@ -375,6 +380,7 @@ pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||
%patch305 -p2 -b .psaa-agent
|
||||
%patch307 -p2 -b .psaa-deref
|
||||
%patch308 -p2 -b .rsasha2
|
||||
%patch309 -p1 -b .psaa-configure-c99
|
||||
# Remove duplicate headers and library files
|
||||
rm -f $(cat %{SOURCE5})
|
||||
popd
|
||||
@ -441,6 +447,10 @@ popd
|
||||
|
||||
%patch1006 -p1 -b .negotiate-supported-algs
|
||||
|
||||
%patch1007 -p1 -b .configure-c99-1
|
||||
%patch1008 -p1 -b .configure-c99-2
|
||||
%patch1009 -p1 -b .configure-c99-3
|
||||
|
||||
#%patch1100 -p1 -b .skipsshrsadsstests
|
||||
|
||||
%patch100 -p1 -b .coverity
|
||||
@ -749,6 +759,9 @@ test -f %{sysconfig_anaconda} && \
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Apr 12 2023 Florian Weimer <fweimer@redhat.com> - 9.0p1-14.2
|
||||
- C99 compatiblity fixes
|
||||
|
||||
* Tue Mar 14 2023 Timothée Ravier <tim@siosm.fr> - 9.0p1-14
|
||||
- Make sshd & sshd@ units want ssh-host-keys-migration.service
|
||||
|
||||
|
249
pam_ssh_agent-configure-c99.patch
Normal file
249
pam_ssh_agent-configure-c99.patch
Normal file
@ -0,0 +1,249 @@
|
||||
configure.ac: Improve C99 compatibility
|
||||
|
||||
Future compilers will not support implicit declarations and implicit
|
||||
ints by default. This means that configure probes which rely on them
|
||||
will fail unconditionally, without actually testing anything.
|
||||
|
||||
The changes mostly mirror what has been implemented in the openssh
|
||||
repository, but had to be adapted somewhat because of drift between
|
||||
the two versions of configure.ac.
|
||||
|
||||
Sam James has submitted similar fixes upstream:
|
||||
|
||||
<https://github.com/jbeverly/pam_ssh_agent_auth/pull/41>
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 6496679..d927b62 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -500,10 +500,10 @@ int main(void) { exit(0); }
|
||||
AC_DEFINE(HAVE_BUNDLE, 1, [Define if your system uses bundles instead of ELF shared objects])
|
||||
AC_MSG_CHECKING(if we have working getaddrinfo)
|
||||
AC_TRY_RUN([#include <mach-o/dyld.h>
|
||||
-main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
||||
- exit(0);
|
||||
+int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
||||
+ return 0;
|
||||
else
|
||||
- exit(1);
|
||||
+ return 1;
|
||||
}], [AC_MSG_RESULT(working)],
|
||||
[AC_MSG_RESULT(buggy)
|
||||
AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
|
||||
@@ -917,8 +917,8 @@ AC_SUBST(LDFLAGS_SHARED)
|
||||
AC_MSG_CHECKING(compiler and flags for sanity)
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([
|
||||
-#include <stdio.h>
|
||||
-int main(){exit(0);}
|
||||
+#include <stdlib.h>
|
||||
+int main(void){exit(0);}
|
||||
])],
|
||||
[ AC_MSG_RESULT(yes) ],
|
||||
[
|
||||
@@ -951,9 +951,9 @@ int main(int argc, char **argv) {
|
||||
strncpy(buf,"/etc", 32);
|
||||
s = dirname(buf);
|
||||
if (!s || strncmp(s, "/", 32) != 0) {
|
||||
- exit(1);
|
||||
+ return 1;
|
||||
} else {
|
||||
- exit(0);
|
||||
+ return 0;
|
||||
}
|
||||
}
|
||||
]])],
|
||||
@@ -1102,7 +1102,7 @@ AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
#include <sys/types.h>
|
||||
#include <dirent.h>
|
||||
-int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
|
||||
+int main(void){struct dirent d;return sizeof(d.d_name)<=sizeof(char);}
|
||||
]])],
|
||||
[AC_MSG_RESULT(yes)],
|
||||
[
|
||||
@@ -1327,8 +1327,10 @@ AC_CHECK_FUNCS(setresuid, [
|
||||
AC_MSG_CHECKING(if setresuid seems to work)
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
+#define _GNU_SOURCE
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
+#include <unistd.h>
|
||||
int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
|
||||
]])],
|
||||
[AC_MSG_RESULT(yes)],
|
||||
@@ -1344,8 +1346,10 @@ AC_CHECK_FUNCS(setresgid, [
|
||||
AC_MSG_CHECKING(if setresgid seems to work)
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
+#define _GNU_SOURCE
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
+#include <unistd.h>
|
||||
int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
|
||||
]])],
|
||||
[AC_MSG_RESULT(yes)],
|
||||
@@ -1384,7 +1388,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
#include <stdio.h>
|
||||
-int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
|
||||
+int main(void){char b[5];snprintf(b,5,"123456789");return b[4]!='\0';}
|
||||
]])],
|
||||
[AC_MSG_RESULT(yes)],
|
||||
[
|
||||
@@ -1418,7 +1422,7 @@ int x_snprintf(char *str,size_t count,const char *fmt,...)
|
||||
int main(void)
|
||||
{
|
||||
char x[1];
|
||||
- exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
|
||||
+ return x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1;
|
||||
} ]])],
|
||||
[AC_MSG_RESULT(yes)],
|
||||
[
|
||||
@@ -1467,7 +1471,8 @@ AC_MSG_CHECKING([for (overly) strict mkstemp])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
#include <stdlib.h>
|
||||
-main() { char template[]="conftest.mkstemp-test";
|
||||
+#include <unistd.h>
|
||||
+int main(void) { char template[]="conftest.mkstemp-test";
|
||||
if (mkstemp(template) == -1)
|
||||
exit(1);
|
||||
unlink(template); exit(0);
|
||||
@@ -1492,10 +1497,14 @@ if test ! -z "$check_for_openpty_ctty_bug"; then
|
||||
AC_MSG_CHECKING(if openpty correctly handles controlling tty)
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
+#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/fcntl.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
+#ifdef HAVE_PTY_H
|
||||
+#include <pty.h>
|
||||
+#endif
|
||||
|
||||
int
|
||||
main()
|
||||
@@ -1543,6 +1552,7 @@ if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netdb.h>
|
||||
#include <errno.h>
|
||||
@@ -1748,6 +1758,7 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
|
||||
AC_MSG_CHECKING([OpenSSL header version])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
+#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <openssl/opensslv.h>
|
||||
@@ -1794,12 +1805,12 @@ int main(void) {
|
||||
|
||||
fd = fopen(DATA,"w");
|
||||
if(fd == NULL)
|
||||
- exit(1);
|
||||
+ return 1;
|
||||
|
||||
if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
|
||||
- exit(1);
|
||||
+ return 1;
|
||||
|
||||
- exit(0);
|
||||
+ return 0;
|
||||
}
|
||||
]])],
|
||||
[
|
||||
@@ -1829,7 +1840,7 @@ AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
#include <string.h>
|
||||
#include <openssl/opensslv.h>
|
||||
-int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
|
||||
+int main(void) { return SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1; }
|
||||
]])],
|
||||
[
|
||||
AC_MSG_RESULT(yes)
|
||||
@@ -2598,7 +2609,7 @@ dnl test snprintf (broken on SCO w/gcc)
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#ifdef HAVE_SNPRINTF
|
||||
-main()
|
||||
+int main(void)
|
||||
{
|
||||
char buf[50];
|
||||
char expected_out[50];
|
||||
@@ -2611,11 +2622,11 @@ main()
|
||||
strcpy(expected_out, "9223372036854775807");
|
||||
snprintf(buf, mazsize, "%lld", num);
|
||||
if(strcmp(buf, expected_out) != 0)
|
||||
- exit(1);
|
||||
- exit(0);
|
||||
+ return 1;
|
||||
+ return 0;
|
||||
}
|
||||
#else
|
||||
-main() { exit(0); }
|
||||
+int main(void) { return 0; }
|
||||
#endif
|
||||
]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
|
||||
AC_MSG_WARN([cross compiling: Assuming working snprintf()])
|
||||
@@ -2746,11 +2757,11 @@ AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
|
||||
int main() {
|
||||
#ifdef msg_accrights
|
||||
#error "msg_accrights is a macro"
|
||||
-exit(1);
|
||||
+return 1;
|
||||
#endif
|
||||
struct msghdr m;
|
||||
m.msg_accrights = 0;
|
||||
-exit(0);
|
||||
+return 0;
|
||||
}
|
||||
])],
|
||||
[ ac_cv_have_accrights_in_msghdr="yes" ],
|
||||
@@ -2773,11 +2784,11 @@ AC_CACHE_CHECK([for msg_control field in struct msghdr],
|
||||
int main() {
|
||||
#ifdef msg_control
|
||||
#error "msg_control is a macro"
|
||||
-exit(1);
|
||||
+return 1;
|
||||
#endif
|
||||
struct msghdr m;
|
||||
m.msg_control = 0;
|
||||
-exit(0);
|
||||
+return 0;
|
||||
}
|
||||
])],
|
||||
[ ac_cv_have_control_in_msghdr="yes" ],
|
||||
@@ -2791,7 +2802,7 @@ if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
|
||||
fi
|
||||
|
||||
AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
|
||||
- AC_TRY_LINK([],
|
||||
+ AC_TRY_LINK([#include <stdio.h>],
|
||||
[ extern char *__progname; printf("%s", __progname); ],
|
||||
[ ac_cv_libc_defines___progname="yes" ],
|
||||
[ ac_cv_libc_defines___progname="no" ]
|
||||
@@ -2871,7 +2882,7 @@ if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
|
||||
fi
|
||||
|
||||
AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
|
||||
- AC_TRY_LINK([],
|
||||
+ AC_TRY_LINK([#include <stdio.h>],
|
||||
[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
|
||||
[ ac_cv_libc_defines_sys_errlist="yes" ],
|
||||
[ ac_cv_libc_defines_sys_errlist="no" ]
|
||||
@@ -2884,7 +2895,7 @@ fi
|
||||
|
||||
|
||||
AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
|
||||
- AC_TRY_LINK([],
|
||||
+ AC_TRY_LINK([#include <stdio.h>],
|
||||
[ extern int sys_nerr; printf("%i", sys_nerr);],
|
||||
[ ac_cv_libc_defines_sys_nerr="yes" ],
|
||||
[ ac_cv_libc_defines_sys_nerr="no" ]
|
Loading…
Reference in New Issue
Block a user